Next Article in Journal
A Cost-Oriented Optimal Model of Electric Vehicle Taxi Systems
Previous Article in Journal
Willingness to Pay for Substituting Coal with Natural Gas-Based Combined Heat and Power in South Korea: A View from Air Pollutants Emissions Mitigation
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sustainability
Volume 10
Issue 5
10.3390/su10051555
sustainability-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism

by
Myeonggil Choi
1,
Jungwoo Lee
2 and
Kumju Hwang
1,*
1
Department of Business Administration, Chung-Ang University, Seoul 06974, Korea
2
Graduate School of Information, Yonsei University, Seoul 03722, Korea
*
Author to whom correspondence should be addressed.
Sustainability 2018, 10(5), 1555; https://doi.org/10.3390/su10051555
Submission received: 3 April 2018 / Revised: 28 April 2018 / Accepted: 10 May 2018 / Published: 14 May 2018
(This article belongs to the Section Economic and Business Aspects of Sustainability)
Browse Figure
Versions Notes

Abstract

:
This study investigated information systems security (ISS) as one of the important issues of e-government for sustainable development. ISS is becoming increasingly important in the discourse on information technology-related organizational transformation, and governments need to undergo organizational transformation to establish an effective ISS system for advancing e-government capacity which plays a vital role in achieving sustainability. Furthermore, ISS breaches are becoming the norm rather than the exception, but ISS can only be achieved when employees fully and firmly embrace the concept by changing their behavior to comply with advanced ISS technologies. A research model is theoretically developed in this context based on institution theory, which proposes a dual path model consisting of legitimacy-leading organizational citizenship behaviors (OCB) and organizational cynicism-causing counterproductive work behaviors (CWB) in the process of innovating ISS for e-government. This dual-path model is empirically tested against 388 data collected from information security managers in 30 departments and councils within Korea’s central government. A structural model evaluation of the collected data principally validates the research model. The results indicate that the path through legitimacy, influenced by normative and coercive isomorphism, is stronger than that through organizational cynicism. The data largely supports the proposed research model, confirming the applicability of institutional theory in explaining the institutionalization processes in effective ISS compliance at the organizational and individual levels. The implications of these findings are then discussed in detail.

1. Introduction

Electronic government (e-government) for sustainable development has been recognized as an international cooperation strategy to accomplish green governments through citizen-oriented service delivery with citizens’ active interactions and participation, and innovative, effective, and high-quality public service [1]. E-government enables public administration to become collaborative governance with citizen and stakeholder participation in public service [2], which can enhance sustainable development [1]. Lee (2017) [3] emphasized the direct and indirect effects of e-government on environmental and social sustainability. Many researchers [3,4,5,6,7,8] highlight the key role of e-government in achieving sustainable development. The positive relationship between e-government and sustainability has been documented, though empirical research has been limited [3]. Estevez and Janowski (2013) [6] defined e-government for sustainable development as “the use of ICT to support public services, public administration, and the interaction between government and the public, while making possible public participation in government decisionmaking, promoting social equity and socio-economic development, and protecting natural resources for future generations” (p. S96).
However, Janowski (2016) [7] reported that less than 31% of the member states out of all United Nations Member States attain the contextualization stage (the advanced stage) of the e-government capacity, and 55% remains at the lowest digitization stage. Accordingly, many states need to advance their e-government capacity with benchmarking or mimetic approaches [1]. Additionally, information security is identified as one of important issues to build and advance e-government for sustainable development [6,8].
Most governments worldwide have used information technology (IT) as a tool to improve not only public service and citizens’ satisfaction, but also efficient communication and interactions with their citizens, constituents, and public administration organizations [9,10]. Recently, e-government has become a new support system for public governance [10]. As security issues have become the third-most important barrier to e-government, after a lack of financial resources and technologies [11], most governments have been confronted with the task of successful and continuous ISS innovation within their organizations. Moreover, ISS has received much attention since the late 1990s, and the issues surrounding ISS have increased [12].
Defined as the “encompassing systems and procedures designed to protect an organization’s information assets from disclosure to any person or entity not authorized to have access to that information” ([13], p. 15], innovation in ISS involves continuous organizational and administrative processes induced by technological innovation. Accordingly, this study perceives ISS innovation as a holistic organizational and administrative innovation, and embraces a philosophy of administrative innovation generated by the inclusive development of security management programs and information security technologies [14]. Furthermore, ISS breaches are becoming the norm rather than the exception. These ISS breaches not only cause inconvenience and harm reputations, but also create strategic, financial, and regulatory risks for firms [15]. Compared with private organizations, ISS violations regarding e-governments may have serious consequences for government organizations. They may sustain serious damage to both reputation [16] and trust, and complex financial, political, and economic losses may result [17] Most ISS breaches are related in some way to employees, and insider breaches occur more frequently than viruses or hacking [18]. Ultimately, information systems are only secured through the appropriate integration of security technologies and policies—including the institutionalization of these policies into practice. Employees then fully and firmly embrace these policies so their behavior becomes more compliant.
In this regard, this institutionalization process [19,20,21] seems to play an important role in the actual implementation of ISS policies and practices. Three social forces based on institution theory are identified as critical antecedents: normative, coercive, and mimetic isomorphism [20]. This study posits that these forces mobilize employees’ innate inertia as related to ISS policy instrumentation. These three isomorphic forces seem to complement each other in incorporating policies and directives into employees’ actual practices.
This study is designed to explore and expose how ISS institutions not only shape ISS policies and practices, but also how they create organizational reactions that influence employees’ behavior, which may consequently lead to effective ISS policy implementation. A dual-path model is proposed regarding these forces’ effects on the individualized institutionalization process: one path involves increasing legitimacy, and the other, decreasing organizational cynicism. Legitimacy and organizational cynicism are two different but interrelated paths to successfully implement ISS policies. In other words, it is conceptualized here that an isomorphic institution affects employees’ perceptions in terms of dual but closely related paths: one via organizational cynicism, leading to ISS-related counterproductive workplace behavior (CWB); and the other via legitimacy, leading to ISS-related organizational citizenship behavior (OCB) that ultimately leads to ISS effectiveness.
Therefore, this study attempts to answer the following questions: (1) How do external isomorphic forces institutionalize ISS policies into actual practice, embraced by individual employees’ OCB and CWB? (2) What are the relative roles played by legitimacy and organizational cynicism in this process? The current study attempts to illuminate the organizational changes made by the South Korean national government to facilitate ISS innovation using an institutional theory framework. Based on its advanced information and communications infrastructure, the Korean government has actively developed e-government as a tool to enhance national competitiveness [22]; Furthermore, the Korean e-government has been evaluated as a most successful model [23]. However, with the development and implementation this advanced e-government, a well-developed ISS and continuous ISS innovation are accordingly necessary to ensure public trust and confidence in e-government. Research on Korean governments’ ISS effectiveness, based on ISS-related organizational change, will provide useful theoretical and practical implications in the fields of e-government and ISS literature.

2. Theoretical Model and Hypotheses

2.1. ISS and Institution Theory

ISS studies have investigated various factors affecting ISS users’ compliant behavior in extant literature, including criminological perspectives, deterrence, environmental factors, and behavioral intentions [24]; Internet abuse, conformity to organizational norms; and ethical practices and moral reasoning [25]. However, Greene and D’Arcy [24] pointed out the lack of ISS research within the organizational behavior perspective, and Ifinedo [26] and Kraemer, Carayon, and Clem [27] stressed the importance of personal and organizational behaviors to understand the factors that affect organization members’ ISS compliance behavior and ISS effectiveness in their organizations. Nazareth and Choi [25] also indicated insufficient ISS research at the organizational level due to organizations’ reluctance to disclose their information on ISS procedures and breaches, which results in a refusal to participate in ISS research.
Dhillon and Backhouse [28] suggested that a socio-organizational perspective should become of importance to achieve ISS effectiveness. However, institutional theory has been recently used as a theoretical framework to investigate information systems and IT [29,30]. Researchers [19,31] have argued that institutional theory can be useful to understand ISS innovation in the context of organizational changes. Hu, Hart, and Cooke [9] suggested that institutional theory as a coherent socio-organizational framework should be used to elucidate not only organizational members’ behaviors, but also how organizational members’ beliefs and attitudes toward ISS develop, change, and are influenced.
Institutional theory has significantly impacted the understanding of organizational changes; some studies [32,33,34] have investigated public sector organizations using the institutional approach. Furthermore, this study focuses on ISS innovation within institutional theory, as both technological and administrative processes that incorporate the Korean government’s organizational changes, through isomorphism, legitimacy, and organizational cynicism; intertwined with employees’ reactive organizational and individual behaviors. Accordingly, this study uses socio-organizational approaches to elucidate the inter- and intra-organizational factors that affect ISS effectiveness in the Korean government. The current study uses dual-path models to focus on how external pressures influence organizational changes and behavior. The relationships among the model’s constituents and their influence on ISS effectiveness were also examined.

2.2. Three Types of Isomorphism and Their Influences on Government Organizations

Isomorphism in the context of institutional theory essentially indicates the institutional pressures that drive organizational changes’ conformity to institutional measures and requisites; this also incorporates organizations’ external influences regarding these organizations’ structures [35]. DiMaggio and Powell [20] indicated that institutional theory developed isomorphism as a central concept with three multi-dimensions: normative (organizational changes are affected by professional or expert influence), coercive (organizational changes are affected by political influence and legitimacy), and mimetic isomorphism (organizational changes are based on their mimicry of successful or “model” organizations in the field). Isomorphism is led by the relationships between organizations and institutions in terms of “domination and dependency, uncertainty, and professionalization” ([36], p. 5).
Normative isomorphism is derived from organizational actors’ professionalization, in terms of educational and training backgrounds and membership in the same professional communities [37]. Organizational actors’ professionalization results in similar professional insights, activities, models, and normative rules due to these actors’ similar dispositions, opinions, and orientations [20]. Furthermore, this promotes interactions among professionalized intra- and inter-organizational actors [36]. As national governments commonly utilize professionals’ and experts’ advice about ISS from academics, researchers, and consultants, normative isomorphism may affect national governments’ ISS.
Coercive isomorphism stems from both formal and informal institutional pressures, including power differences placed on the organization by more influential organizations and based on law, resource control, and social position [36]. These include such regulations and legislation as the European Commission’s Data Protection Directive and the United States’ Sarbanes–Oxley Act. Cultural expectations also function as coercive pressures on the organization in the organizational field’s purported “social network” [38].
Mimetic isomorphism is dominantly used when uncertainty that demands substantial research costs plays a critical role, and is typically and epidemically diffused [32]. Regarding ISS innovation as technology innovation in an organization, mimetic isomorphism involves uncertainty as a powerful source that promotes imitation [29]. The uncertainty indicates that, when organizational members do not clearly understand organizational technologies, such as ISS, with ambiguous goals and symbolic uncertainty, they model themselves after other organizational technology innovation policies and practices [29].
Mimetic influences have been well documented, including the competitive mimetic influence resulting from obtaining ISS certification in the financial sector [31] as well as the mimetic influences in local UK governments [29]. Coercive influences have been evidenced, including coercive effects on an Australian local authority’s internal management control processes [39] and four U.S. states’ government decisions to adopt generally accepted accounting principles (GAAP) [40], and coercive pressures by ISS regulatory agencies [9]. Evidence of normative pressure includes the pervasiveness of the nursing profession as a normative influence on healthcare organizations [36], normative influences on the four U.S. state governments’ adoption of GAAP [40], and the normative influences of professionalism and professional networks related to ISS [9].
Frumkin and Galaskiewicz [33] argued that governmental agencies are influenced by institutional pressures more than business organizations. They found that the government agencies that focused on other government organizations became “more centralized, more formalized, and more departmentalized” ([33], p. 302]. Moreover, mimesis among government organizations resulted in a more prototypical form of bureaucratic control, such as greater hierarchy, more centralized decision-making structures, formalized rules, and more functional departments; normative and coercive isomorphism promoted decentralization. Cordella and Tempini [41] criticized e-government literature and suggested that while information communications technology (ICT) could decrease bureaucracies in government organizations, ICT in government organizations enhances bureaucracy. Accordingly, the three isomorphic influences on ISS innovation, as a necessary requisite of e-government, have similar organizational effects in terms of the bureaucratic or decentralized controls in government organizations. Institutional forces induce not only government organizational changes related to formal structures and control systems, but also organizational changes related to culture, norms, rules, rewards, and punishment, and more importantly, government organizational members’ cognitive and affective behaviors.

2.3. ISS Effectiveness

Organizations’ efforts to enhance ISS effectiveness, such as incentives, rewards, and punishment, may provide external motivations for organizational members to comply with ISS policies and practices. However, their internal motivations, which do not necessarily stem from organizational instrumental strategies and policies, are critical for ISS effectiveness [42]. As a dynamic and continuous process frequently influenced by institutional isomorphism, ISS involves organizational changes supported by organizational legitimacy or resisted by organizational members. Hu et al. [37] argued that ISS research within an institutional theory context could enable us to better understand ISS organizational changes and contexts. Thus, institutional and organizational behavioral approaches may provide rich insights to further elucidate the dynamic and complicated aspects of ISS effectiveness, in terms of the interrelationships between institutional pressures and organizational aspects.
This ISS effectiveness can be defined as an ISS program’s degree of achievement in its goals and objectives; the sufficient protection of information; and continuous application of security measures, such as its methods, information security policies and procedures, and control measures or tools.
Effectiveness must include the entire organization’s overall functioning information security efforts. These include organization-based [43,44] and technology-based efforts [44,45], and raising awareness [44,46]. Security measures and organizational behaviors are essential to ensure ISS effectiveness, and are tightly coupled. An organization’s behavioral factors include user training, a security culture, policy relevance and enforcement [43], and top management [47]. Moreover, ISS effectiveness can be improved by the implementation of such security measures as information security policies, procedures, control measures, tools, and methods, and by increasing employees’ awareness [46]. Raising awareness involves training and education, awareness campaigns, user participation, engaging top management, and learning from incidents.
Hybrid factors consists of overall deterrent efforts and preventive efforts, in addition to preventive efforts targeting the protection of hardware, software, data, and computer services, which also influence ISS effectiveness [45]. Hybrid factors include the number of hours per week devoted to prevention and deterrence, dedication to data security, effort spent notifying users about penalties and acceptable system usage, and the violation and utilization of security software [47].
Previous ISS effectiveness studies have focused on one aspect among the organizational, technological, and hybrid approaches; thus, a gap exists between the present and previous studies. The present study suggests that ISS effectiveness includes a combination of various technology- and organization-based efforts as well as increasing awareness. Technology-based efforts consist of the protection of information assets, data, and computer services. Organization-based efforts include information security policies and organizational structures, in addition to efforts to implement an emergency contingency plan. Increasing awareness involves education, training, and the notification of threat information.
Although institutional factors have been identified as important for ISS effectiveness [9,14], few studies have been conducted. Institutional theory offers a more holistic approach, as it considers such elements as institutional influences, organizational factors, policy-making processes, and technical rationales. This approach can more precisely explain the drivers of ISS effectiveness in e-governments [48]. Furthermore, OCB and organizational legitimacy are also socio-organizational factors that affect ISS’ effectiveness. As OCB improves an organization’s efficiency in terms of resource use, this results in higher productivity, thus leading to higher organizational performance [49]. Legitimacy generates an individual’s loyalty to the organization and leads to organizational members’ improved commitment to policies, action, and organizational changes [50,51].
As OCB and CWB “shape the organizational, social, and psychological context that serves as the catalyst for task activities and processes” ([52], p. 100), OCB-CWB relationships have received much attention regarding job performance, which influences organizational effectiveness [53]. As OCB benefits the organization, while CWB harms the organization, they can be regarded as conceptually opposite [53]. Thus, it is reasonable to contemplate that OCB as related to ISS helps ISS effectiveness, while CWB hinders it.

2.4. Dual Paths

2.4.1. Legitimacy Path: Isomorphism, Legitimacy, and OCB for ISS Effectiveness

It is a well-known proposition that isomorphism leads to legitimacy [20]. Furthermore, isomorphism highlights its importance [54]. Institution theory stresses that organizational changes do not occur for better organizational substantive performance, but for greater legitimacy [32]. Institutional isomorphism requires changes to organizational norms, beliefs, structures, practices, and processes, and legitimacy justifies these changes. Organizational members accept the increased legitimacy gained through isomorphism as an adaptive action for their survival [55].
The strategic approach notes that organizations use legitimacy as an operational resource to help achieve their objectives and goals [56], while institutional theory emphasizes legitimacy as “a condition reflecting perceived consonance with relevant rules, norms, and beliefs” ([57], p. 59). Suchman ([58], pp. 573–574) integrated the two views to define legitimacy as “the generalized perception or assumption that the actions of an entity are desirable, proper, or appropriate within some socially constructed system of norms, beliefs, and definitions”. Suchman ([58], p. 571) also elucidated the role of legitimacy as “an anchor-point of a vastly expanded theoretical apparatus addressing the normative and cognitive forces that constrain, construct, and empower organizational actors”.
Westphal et al. [59] argued that different types of legitimacy are shaped by different attributes or levels of isomorphism; for example, individual legitimacy is based on authority and accepted social structure, and organizational legitimacy originates from the organization’s prevalent cultural values. This study investigates organizational legitimacy as a central construct of the ISS research model, as organizational legitimacy internalizes the organizational changes stemming from isomorphic influences, and isomorphism functions as an external force. Perceived value congruence and legitimacy are identified as intrinsic incentives for ISS compliance that positively influence it [60]. When institutional isomorphism forces national governments to engage in ISS, legitimacy leads organizational actors to identify the new ISS practices as a “socially constructed system of norms, beliefs, and definitions” [57].
Coercive isomorphism, such as enforcing the Sarbanes–Oxley Act as a universal mandate, has established a new legitimacy for information security practices and protocols [37]. By adopting total quality management practices, consultants as change agents have normative and mimetic influences, and their input is valued not only as knowledge and as technological advice, but also as a source of legitimacy [61]. Hence, the following hypotheses are proposed:
Hypothesis 1 (H1).
Normative isomorphism is positively associated with ISS legitimacy.
Hypothesis 2 (H2).
Coercive isomorphism is positively associated with ISS legitimacy.
Hypothesis 3 (H3).
Mimetic isomorphism is positively associated with ISS legitimacy.
Organ ([62], p. 4) defined OCBs as “individual behavior[s] that [are] discretionary, not directly or explicitly recognized by the formal reward system, and that in the aggregate promote the effective functioning of the organization”. These are organizational members’ discretionary behaviors, which exceed basic requirements and result in improved organizational effectiveness [25,63]. Furthermore, OCBs include OCB-organization (OCB-O) and OCB-individual (OCB-I), which benefit the organization and the individual, respectively. These types distinguish OCBs based on the target or beneficiary of a specific OCB behavior [64]. While OCB-O encompasses civic virtue, conscientiousness, and sportsmanship, OCB-I encapsulates altruism and courtesy [65].
Legitimacy leads to organizational members’ OCBs as well as organizational commitment and job satisfaction [66]. As perceived legitimacy (i.e., organizational members perceive the ISS as appropriate and desirable) justifies ISS compliance [60], perceived legitimacy may lead to OCB when ISS compliance is perceived as meaningful. Organizational actors’ perceptions of their own work as meaningful positively affect OCB [67]. Thus, this study proposes the following hypotheses:
Hypothesis 4 (H4).
The legitimacy of ISS is positively associated with OCB-I.
Hypothesis 5 (H5).
The legitimacy of ISS is positively associated with OCB-O.
Furthermore, OCB can improve individual compliance with information security policies and lead to success in information systems [68]. While it has been suggested that OCB positively relates to organizational effectiveness, efficiency, and success [18,64], empirical studies have seldom explored the relationship between OCBs and organizational effectiveness [22].
Defined as “individual behavior that is discretionary, not dependent on the use of rewards or punishments to encourage performance, and that in the aggregate promotes the effective functioning of the organization” [62], OCB encourages employees to accept change and find constructive resolutions to problems. This also helps employees cooperate with each other, and share power in the organization’s politics. Moreover, OCB can increase individuals’ willingness to resolve conflicts and dedicate themselves to their organization, rather than seeking benefits for themselves individually or for the groups in which they participate [69].
Furthermore, such OCBs as helping and advising can improve the effectiveness of information security policies, or ISPs [70,71]. Helping involves a small, considerate behavior toward others, and can involve assisting employees who are unfamiliar with ISPs. This can also include with how to implement them may act appropriately by providing guidance to ISPs, identifying inappropriate conduct, or helping others learn the ISPs. Individuals in the working environment can voluntarily provide assistance to keep ISPs. Advising, or providing advice, is another cooperative organizational behavior, and provides feedback intended to improve the current situation [72]. Advising is crucial in a contemporary information security environment, in which new threats emerge and frequent changes occur in technologies. Providing adequate advice from employees can encourage individuals to comply with ISPs, and can enhance the ISPs’ content.
OCB can be categorized into OCB-I and OCB-O depending on whether a behavior or its target is directed at individuals or an organization [64]. First, OCB-I benefits individuals, as this involves an organizational member actively providing advice to other members regarding how to use ISS systems; this category consists of both altruism and courtesy [64,73]. Furthermore, OCB-O targets organizations, such as an organizational member voluntarily reporting a hacking e-mail to the organization, and involves conscientiousness, civic virtue, and sportsmanship [64,73].
Although OCB has been studied in various fields for several decades, few researchers have investigated whether OCBs can successfully prompt socio-emotional support, which directly influences the success of both ISS implementation [14,68] and ISS effectiveness [71]. Based on previous studies, this study anticipates that OCB positively improves ISS effectiveness. Thus, this study proposes that:
Hypothesis 6 (H6).
OCB-I is positively associated with ISS effectiveness.
Hypothesis 7 (H7).
OCB-O is positively associated with ISS effectiveness.

2.4.2. Organizational Cynicism Path: Isomorphism, Organizational Cynicism, CWB, and ISS Effectiveness

People rarely welcome change, and especially in a work context in which they must strive to change their established routines and increase their cognitive load [74]. People tend to resist change and become cynical about anything that interrupts the status quo in their working lives [65]. When faced with social forces to change the organization, or in this case, ISS policy implementation, an employee’s stance is cynical, at best. Organizational cynicism has been identified as a prevalent phenomenon in organizations [75,76], and has recently received increasing attention in research on organizational changes [77,78]. According to Reichers, Wanous, and Austin [60], organizational cynicism is conceptually and closely linked to organizational change. Bergström, Styhre, and Thilander ([77], p. 384) argued that “organizational cynicism has been viewed as a form of resistance driven by the unsuccessful implementation of organizational change or, in contrast, as a direct negative attitude towards management”. Stanley, Meyer, and Topolnytsky [79] found that change-specific cynicism predicts the intention to resist change, and [80] described cynicism as a discursive tactic of resistance. Organizational cynicism results in increased beliefs of unfairness as a cognitive aspect; feelings of distrust as an affective aspect; and related actions about and against the organization as a behavioral aspect [81]. Organizational cynicism causes various negative workplace behaviors, such as frequent absences, poor performance, and grievances [82], and passive participation or inaction in organizational change efforts [60].
Dean et al. ([76], p. 345) defined organizational cynicism as “a negative attitude toward one’s employing organization, comprising three dimensions: (1) a belief that the organization lacks integrity; (2) negative affect toward the organization; and (3) tendencies to disparaging and critical behaviors toward the organization that are consistent with these beliefs and affect”. Dean et al.’s [76] definition is based on the conceptualization of organizational cynicism as an attitude detrimental to the organization. Stanley et al. ([79], p. 452) defined the characteristic of cynicism as the “disbelief in the motives of others”. The authors further identified three types of cynicism: change-specific cynicism, as “a disbelief of management’s stated or implied motives for a specific organizational change”; management cynicism, as “a disbelief in management’s stated or implied motives for decisions or actions in general”; and dispositional cynicism, as “a disbelief in the stated or implied motives of people in general for their decisions or actions” ([79], p. 436). This study focused on change-specific cynicism, because this addresses organizational change for ISS innovation; and management cynicism, because it is incredibly difficult to ignore the interaction effects between employees’ disbelief in a specific organizational change and their general disbelief.
Executives and managers typically value employees who are willing to respond positively to the initiation of change. However, organizations attempting to change established routines or introduce new ones frequently falter when insiders resist these changes [83]. This often occurs for simple reasons; specifically, the benefits of these changes may not be in concert with the interests of the individuals being asked to make the changes [38]. This phenomenon of resistance and organizational cynicism can be explained relative to institution theory, as the social forces shaping organizations can be coercive, normal, or mimetic [20,84]. Furthermore, these different forces might have different effects on the levels of organizational cynicism.
Studies of organizational cynicism have been extremely scarce in information systems research, but resistance has been documented. As organizational cynicism can be viewed as a form of resistance, this study extends the literature review on organizational cynicism to that of resistance in information systems literature. Resistance has been recognized as a critical variable in information systems research [85] as well as in organizational transformation literature [38]. Lapointe and Rivard [85] identified four different theoretical models to explain user resistance: (1) the power theory [85], (2) equity theory [86], (3) passive-aggressive theory [87], and (4) attribution theory [79]. These theories of resistance can be used to relate institution theory to user resistance, as follows.
The pressures coming from professional organizations and colleagues are normative isomorphic forces. Normative isomorphism results in the organizational members’ professionalization and creates similar orientations and dispositions among these members through their similar education and training experiences and participation in professional networks [9]. These normative pressures are more readily accepted than other institutional forces, as they come from similar shared experiences and orientations. Thus, it is posited that normative isomorphism may mitigate organizational cynicism.
Hypothesis 8 (H8).
Normative isomorphism is negatively associated with organizational cynicism toward ISS.
The power theory in information systems resistance research portrays resistance as a result of the redistribution or loss of power [88]. Regarding user resistance, users are more likely to resist when they perceive that the system instigates a loss of power on their part, whether implicitly or explicitly [89]. Moreover, it can be inferred that the level of resistance relates to the feeling of losing importance. Coercive isomorphic forces result from both formal and informal pressures placed on organizations by the authorities upon which they depend [20]. Thus, such pressures may be felt as forcefully unbalancing the present state of power, which may cause people to resist the changes to be implemented [90]. Generally, ISS mandates by external authorities are expected to increase the message receiver’s resistance. Thus, it is posited here that coercive isomorphism may increase the level of organizational cynicism as a form of resistance on the user’s side.
Hypothesis 9 (H9).
Coercive isomorphism is positively associated with organizational cynicism toward ISS.
Mimetic isomorphic forces occur due to high uncertainty, which is a powerful driver in persuading organizations to imitate and follow the models in other leading organizations [83]. When technologies are not clearly understandable, the goals of changes are ambiguous, or the consequences of technologies are unclear, organizations may attempt to follow other organizations, especially leading ones [20]. Mimetic isomorphic forces may increase or decrease the level of organizational cynicism depending upon the reason for mimicry. When this reason justifiably relates to an individual benefit [26], employees will not strongly resist. However, when the reason for mimetic adoption is not clearly explained or justifiable for employees’ benefit [26], they may resist or nonetheless act passive-aggressively [86]. Regarding ISS, the goals and processes of ISS policy and practice do not directly relate to employees’ business activities in most organizations; therefore, ISS’ benefit is unclear to most employees. Thus, it is posited that mimetic social forces may increase organizational cynicism.
Hypothesis 10 (H10).
Mimetic isomorphism is positively associated with organizational cynicism toward ISS.
Organizational cynics criticize their organization for a lack of integrity [76] and sincerity, unfair operations [66], and prevalent unscrupulous behavior [76]. Although organizational cynicism cannot be identified as a simple representation of a lack of organizational commitment, it negatively relates to organizational commitment [76]. Organizational cynicism, as a barrier to the enforcement of organizational changes, was viewed from the management perspective as organizational members’ reactions to inappropriately implemented changes and managerial incapacity [77]. Furthermore, Bergström et al. ([77], p. 387) argued, “Perhaps the most important consequence of cynicism is that the legitimacy of leadership may be undermined and the organization’s capacity for future changes is decreased”.
Organizational cynicism may hinder organizational changes because it fuels suspicion of change agents’ motivations, and increases the inertia and indifference to these agents’ efforts [91]. Moreover, organizational cynicism compels employees to ignore new programs and procedures [75]. MacLean and Behnam (2010) [92] studied the dynamic between decoupling, legitimacy, and institutionalized misconduct to suggest that members’ organizational cynicism regarding decoupled programs resulted in internal illegitimacy. Furthermore, Holderness et al. [70] argued that members with negative legitimacy perceptions of their formal ethical program might adopt views that are more cynical; IT resistance also includes this organizational cynicism [47].
Accordingly, it may be reasonable to propose that organizational cynicism might generally cause CWB and breed suspicion of an organization’s ulterior motives, as organizational cynicism results in employees’ widespread suspicions of the motivations underlying new programs [91]. Additionally, organizational cynicism tends to deny organizational integrity, which is fortified by the legitimacy led by isomorphism.
According to Reichers, Wanous, and Austin [60], organizational cynicism about change can cause a decline in employees’ motivation, job satisfaction, and loyalty. Accordingly, employees tend to engage in CWB, which can be defined as “[…] voluntary acts that violate significant organizational norms and are contrary to the organization’s legitimate interests” ([93], p. 554). Like OCB, CWB has been distinguished by interpersonally (CWB-I: deviant behavior directed toward other employees, such as gossiping about coworkers) and organizationally directed (CWB-O: deviant behavior directed toward the organization, such as taking overly long breaks) aspects of workplace deviance [53].
The assumption that human agents have malicious intentions leads ISS research regarding how to control employees’ antisocial or problematic ISS-related behavior, such as corrupting organizational information, disabling ISS, or destroying or deleting data [94]. This kind of ISS-related misconduct can be regarded as CWB to ISS [95]. Organizational cynicism-induced or resistance behavior can be passive, such as verbal reactions; or aggressive, such as sabotage and indifference. Generally, it manifests as counterproductive behavior [96]. Similarly, counter-ISS behavior can be as passive, as with non-compliance; or active, as with leaking. As CWB is designed to mitigate negative effects [95], organizational cynicism acts as a negative effect, and attitude becomes a proximal cause of CWB. Thus, it is posited here that the organizational cynicism toward ISS policies and practices will increase the level of counter-ISS workplace behavior, which will decrease the ISS’ effectiveness:
Hypothesis 11 (H11).
Organizational cynicism toward ISS is positively associated with ISS-related CWB-O.
Hypothesis 12 (H12).
Organizational cynicism toward ISS is positively associated with ISS-related CWB-I.
Hypothesis 13 (H13).
Employees’ ISS-related CWB-O is negatively associated with ISS effectiveness.
Hypothesis 14 (H14).
Employees’ ISS-related CWB-I is negatively associated with ISS effectiveness.

3. Methodology

This study conducted an empirical analysis to demonstrate each isomorphism’s influence on ISS effectiveness. We tested these influences by establishing organizational cynicism, organizational legitimacy, OCB-O and OCB-I, and CWB-O and CWB-I as mediating variables. We analyzed these effects by conducting various analyses, including a path analysis, and an analysis of direct, indirect, and mediating effects.

3.1. Measurement of Constructs

We used each of the three items to represent mimetic, coercive, and normative isomorphism, derived from an instrument designed by Heugens and Lander [97] and Liang, Saraf, Hu, and Xue [98], which was modified to apply to information security. Organizational legitimacy was measured using four items from the works of Lee and Yoon [99] and Yoon and Thye [100]. Organizational cynicism was measured using six items from Stanley et al.’s [79] work. We measured OCB-I and OCB-O by using 12 items from Williams and Anderson [64]; CWB-O and CWB-I were measured using 3 items each from works by Bennett and Robison [101] and Aquino, Lewis, and Bradfield [102]. The ISS effectiveness was measured based on previous studies [41,44,45,46] and modified to reflect particular characteristics of the South Korean government. We measured ISS effectiveness by developing six items that pertain to the completeness of information security policies and efforts to protect information assets, including data protection, information services, awareness, and organizational systems to detect intrusions.
We used four demographic-controlled variables: gender, age, education, and working years. Previous studies have indicated that gender and age are significant in security policy compliance [103,104].
Table 1 illustrates this study’s research model. All variables were measured with previously validated items and further modified, and all items were measured on a five-point Likert scale, in which one denotes ‘strongly disagree’ and five denotes ‘strongly agree’.

3.2. Data Collection

Paper questionnaires were distributed by information security managers in 46 departments and councils within Korea’s central government; 500 questionnaires were distributed to each institution, and 410 were returned. The number of questionnaires sent to each institution was from 12 to 15 in consideration of each institution size. Of the 500 paper questionnaires sent, 410 were collected. We received responses from all of the institutions which received questionnaires. Table 2 shows the response statistics.
The average number of returned questionnaire was about 11.38. The minimum number of questionnaire we received from the institution was about 10 and the maximum number of the questionnaire was 14. The questionnaires were collected from May to September 2015. Questionnaires with incomplete or unreliable answers were discarded, with 388 valid questionnaires then obtained, or an effective sample response rate of 77.6%. Table 3 displays the respondents’ characteristics.
As Table 3 indicates, the proportion of men was higher than that of women, and most of the respondents were between 31 and 50 years old. Most of the respondents have earned a bachelor’s degree and are regularly employed.

4. Data Analysis and Results

The partial least squares (PLS) was used to empirically evaluate the theoretical model. This method is a structural equation modeling technique that simultaneously tests measurement and structural models; it produces weights between the standardized regression coefficients between constructs, reflective constructs, and their indicators; and coefficients of multiple determination (R-squared) for the dependent variables [66]. The significance levels for loadings, weights, and paths are calculated in PLS through bootstrapping; 500 bootstrap samples were used to empirically calculate standard errors and evaluate statistical significance [105].
We used a confirmatory factor analysis instead of an exploratory factor analysis. As an instrument becomes established, exploratory factor analysis procedures are generally replaced with the more sophisticated confirmatory factor analysis [106]. We applied the well-established theoretical framework of the institutional theory. The relationships between institutional isomorphism and legitimacy, and between institutional isomorphism and organizational cynicism have been well-documented, which makes CFA appropriate rather than EFA. The low R-squares which have been pointed out and the result that does not show the positive association between mimetic isomorphism and ISS legitimacy may be derived from ISS characteristics, which calls for further studies. Although we did not directly mention about the low R-squares, we extensively discuss about the relationships between isomorphism and legitimacy and organizational cynicism in the Discussion and Conclusion section [105].
The PLS results are two-fold: the first section presents the measurement model and its validities, both convergent and discriminant. The second section presents the structural model’s results, in that it assesses each dependent variable’s relative importance [107].
Convergent and discriminant validities should also be evaluated in the measurement model [108]. An indicator of reliability, composite reliability, and the average variance extracted can assess convergent validity [66]. Table 4 demonstrates that most loadings were above the 0.7 threshold, suggesting good indicators of reliability. The composite reliabilities (CR) were all greater than 0.7; additionally, Cronbach’s alpha values were greater than 0.7, indicating that the data is reliable.
Table 5 notes the correlations among reflective constructs and the square root of the average variance extracted (AVE) and item correlations is described in Appendix A. All of the constructs were more strongly correlated with their own values than with any of the other constructs.
Finally, cross-loadings were calculated, and all indicators revealed higher loadings with their respective construct than with any other reflective construct [108], which demonstrates good convergent and discriminant validity.
The structural model illustrates the relationships between constructs as hypothesized in the research model. The paths and coefficients of determination (R-squares) collectively present how well the model performed. Figure 1 shows that the structural model was tested using the loadings and significance of the path coefficients and t-values. The model explained 51.8% of the total variance in ISS effectiveness.
Hypothesis 1, which states that normative isomorphism is positively associated with the legitimacy of ISS (path coefficient = 0.281, t-value = 3.959), and Hypothesis 2, which states that coercive isomorphism is positively associated with the legitimacy of ISS (path coefficient = 0.188, t-value = 3.106), were supported. However, Hypothesis 3, which states that mimetic isomorphism is positively associated with the legitimacy of ISS (path coefficient = −0.019, t-value = 0.270), was not supported. This indicates that both normative and coercive isomorphism increase the legitimacy of ISS.
Hypothesis 4, which states that the legitimacy of ISS is positively associated with OCB-I (path coefficient = 0.609, t-value = 17.161), and Hypothesis 5, which states that the legitimacy of ISS is positively associated with OCB-O (path coefficient = 0.601, t-value = 17.625), were supported. This demonstrates that the legitimacy of ISS can increase both OCB-I and OCB-O.
Hypothesis 6, which notes that OCB-I is positively associated with ISS effectiveness (path coefficient = 0.430, t-value = 8.880), and Hypothesis 7, which notes that OCB-O is positively associated with ISS effectiveness (path coefficient = 0.375, t-value = 7.684), were collectively supported. This result indicates that both OCB-I and OCB-O improve the effectiveness of ISS.
Hypothesis 8, which notes that normative isomorphism is negatively associated with organizational cynicism to ISS (path coefficient = −0.111, t-value = 1.983), and Hypothesis 9, which notes that coercive isomorphism is negatively associated with organizational cynicism to ISS (path coefficient = −0.199, t-value = 2.850) were supported. This indicates that both normative and coercive isomorphism decreases organizational cynicism toward ISS. However, Hypothesis 10, in that mimetic isomorphism is positively associated with organizational cynicism toward ISS (path coefficient = 0.158, t-value = 1.929), was supported; this indicates that mimetic isomorphism increases ISS cynicism.
Hypothesis 11, which notes that organizational cynicism toward ISS is positively associated with ISS-related CWB-O (path coefficient = 0.475, t-value = 9.486), and Hypothesis 12, which notes that organizational cynicism to ISS is positively associated with ISS-related CWB-I (path coefficient = 0.519, t-value = 10.361), were collectively supported; this demonstrates that organizational cynicism increases both CWB-O and CWB-I.
Hypothesis 13, which states that employees’ ISS-related CWB-O is negatively associated with ISS effectiveness, was not supported. Hypothesis 14, which states that employees’ ISS-related CWB-I is negatively associated with ISS effectiveness, was supported. This reveals that employees’ CWB-I decreases the effectiveness of ISS.
As Table 6 illustrates, we analyzed individual variables’ impacts on the endogenous variables in the model. To know which isomorphism among mimetic, normative and coercive isomorphism influences highly on ISS, we analyzed total effect along the path. The results of the analysis showed that normative isomorphism’s total effects on the effectiveness of ISS are the largest of the other two isomorphic types.
Additionally, we conducted a common method bias (CMB) test based on Podsakoff, MacKenzie, Lee, and Podsakoff’s CMB method [109], and adapted this to Liang, Saraf, Hu, and Xue’s PLS analysis [98]. The indicators of all constructs were reflectively associated with the method factor; each indicator variance was then computed as explained by the principle constructs and the method factor. Table 7 notes that most of the method loadings were not significant. Moreover, the common method-based variance for an indicator was only 0.015, whereas the average substantive explained variance was 0.799. Based on the results of these tests, it was determined that CMB was apparently not a significant threat in this study.
Table 8 summarizes the results of hypothesis.

5. Discussion and Conclusions

This study investigated ISS as one of important issues of e-government for sustainable development. Effective ISS becomes critical for advancing e-government capacity which plays a vital role in achieving sustainability. As few ISS studies have used institutional theory, and have primarily applied this only conceptually in case studies [9,19], this study investigated this empirically under-researched area. Furthermore, to our knowledge, this is the first study to use both OCB and CWB constructs to explain ISS effectiveness.
This study conceptualizes the three social isomorphic forces proposed in institution theory—coercive, normative, and mimetic—as critical antecedents of effective ISS implementation among employees. Furthermore, a dual-path model is theoretically developed as a mediating mechanism in ISS institutionalization, and proposed here for empirical validation. One path occurs via legitimacy and OCB, while the other occurs through organizational cynicism and CWB. This is the first time that this dual-path model—in which legitimacy, organizational cynicism, and OCB-CWB parallel each other—has been empirically tested to study its ISS effectiveness.
The data largely supports the proposed research model, confirming the applicability of institutional theory in explaining the institutionalization processes in effective ISS compliance at the organizational and individual levels. A total effect analysis reveals that the normative isomorphic force is most influential on ISS effectiveness among the three social forces. Furthermore, it has been illustrated that the path through legitimacy and OCB is stronger than the path through organizational cynicism and CWB. Coercive force also has a favorable effect on the establishment of ISS legitimacy and the reduction of organizational cynicism regarding ISS innovation-related organizational change. Coercive isomorphism’s strong effect in our results may imply the need to enact appropriate legislation and regulations focusing on the effective implementation, monitoring, and control of individual ISS-related behavior. This may be due to privacy issues and the problem that it is extremely difficult to establish a formalized, structured evaluation of individual employees’ ISS behaviors [107]. Furthermore, normative isomorphism promoting ISS professionalism and networks can play a vital role in enacting appropriate ISS implementation-supportive regulations and policies. This is because the leadership of ISS professionals and networks as persuasion agents may reduce organizational cynicism and resistance, and generate organizational and individual agreement and participation in establishing ISS implementation-supportive regulations and policies. Further studies on coercive force’s effect on ISS effectiveness in various stages of ISS innovation and implementation can provide useful insight to develop appropriate and useful coercive approaches and methods.
Contrary to our hypothesis, mimetic isomorphism did not lead to ISS legitimacy in our study. This may be because mimetic pressures, such as adopting new systems or procedures mimicked from other government departments or overseas governments, do not change organizational members’ prevalent beliefs, norms, and culture, which are the root of legitimacy. The legitimacy of ISS internalizes the isomorphic pressures generating organizational changes. However, mimetic isomorphism seems to threaten organizational members in the form of mimicking without a meticulous inspection of internal resources, capacity, and norms and beliefs. This result is noteworthy, but inconsistent with Hwang and Choi’s [71] finding that mimetic isomorphism leads to legitimacy. This inconsistency may stem from the differences between this and the authors’ studies, in that Hwang and Choi’s [71] study only observed the link between mimetic isomorphism and legitimacy, while this study simultaneously compared the three forces’ influence. When these three forces compete with each other to influence the technological and administrative ISS processes that accompany organizational changes, an organization’s members might react positively to the most flexible or least threatening force to justify organizational changes. Furthermore, organizational members may perceive that normative isomorphism, such as the establishment of appropriate culture; formal, informal, and discursive communications; model processes and actions; and training ISS experts and professionals through academic ISS associations and committees and government networks does not force radical or rapid organizational and systematic changes. Additionally, normative isomorphism plays a role in persuasion, and in justifying the importance of ISS effectiveness in various ways; thus, normative isomorphism might be involved in psychosocial and communicative processes.
Three forces regarding government control have structurally different influences on government control structures. Moreover, coercive and normative isomorphism promote decentralization, which encourages bottom-level power, duty, and voluntary participation. Conversely, mimetic isomorphism fortifies bureaucratic and top-down control [33]. The three forces’ differing influences on the government’s control structure may result in different effects on organizational cynicism. Contrary to our hypothesis, coercive isomorphism reduces organizational cynicism; this result may be explained by the effect of the coercive force on the promotion of decentralization. Alternatively, mimetic isomorphism in promoting bureaucratic control increases organizational cynicism.
Normative pressure in our analysis seems to be most influential on ISS effectiveness based on a total effect analysis of the three forces. This contrasts the general belief that coercive forces, in the form of governmental regulatory policies, can most powerfully drive organizational changes [34,110]. As our model aimed to identify the mechanism of institutionalization to effectively influence ISS effectiveness at the organizational level (legitimacy and organizational cynicism), the normative pressure from a cohort group with similar occupations may not cause strong organizational cynicism compared to other types of forceful isomorphism. Although the coercive strategy might more effectively function for mechanistic changes in business processes, the normative strategy would function better for cases in which employees must voluntarily accept changes, as in the case of ISS.
Awareness among different professions is seemingly more important in practice than having ISS technologies or technicians in place. As the cohort group’s influence seems to be the strongest, the ISS strategy should more closely approximate an inkblot approach, expanding the number of supporters in different occupational groups by their associations and networks. Transformation leadership should be developed in this inkblot approach by not only individual department or team levels, but also professional associations or committees, who should act as transformational leaders at the general ISS field level to expand ISS networks, which can help to establish norms, a belief culture, and standards in the government.
As normative isomorphism can be successful when ISS-centered norms and cultures, internalized ISS processes, and organizational integrity are established, transformational ISS leadership is vital, as this promotes extensive communication in real time and builds trust between ISS leaders and organizational members. Transformational leaders demonstrate behaviors at the appropriate stage of the transformational process, which leads to a successful change in the organization’s status quo [111]. Transformational leaders should not only provide an appropriate vision of ISS policies to promote employees’ strategic and motivational focus, but also elicit employees’ commitment to ISS with charismatic leadership. This further manages the two components of employee cynicism regarding organizational change: improving perceptions of future success and build faith in those responsible for the changes, transformational leadership can mitigate employee cynicism regarding organizational change. Consistent with social learning theory, employees are more likely to accept and commit to transformational leadership, which can reduce organizational cynicism regarding change. Transformational leaders should lead employees’ perceptions of future ISS success, faith in ISS change agents [80], and their benefits from ISS. Sufficient, discursive communication and ISS success stories and rituals can cultivate an ISS-supportive culture. Transformational leaders should become facilitators to promote the creation of an ISS-supportive culture that encourages employees’ ISS-related OCB. Rather than developing anecdotal cases across industries, specific examples in specific industries would function better to increase ISS awareness among specific occupational groups. Coercing employees to follow specific ISS policies may also be important in cases with immediate risks, but the normative realization of risks among cohort groups will be more effective in terms of reducing insider risks in the long-term.
It is noteworthy that CWB-O does not influence ISS effectiveness, while CWB-I negatively affects ISS effectiveness. It is possible that ISS violations, which explicitly harm the organization, were prevented by regulations or systematic controls and monitoring, or employees may not assume the risks inherent to deterrence punishment. Alternatively, employees may focus on trivial CWB-I, which is not easily revealed. However, CWB-I should not be treated as a minor deviance because this negatively affects ISS effectiveness. Furthermore, CWB-I may fortify organizational cynicism, harm interpersonal employee relationships, and hinder creating ISS-supportive cultures and norms. This may occur because some employees perceive through CWB-I that their colleagues may treat them as outcasts or subtly harass them due to their participation in ISS-organizational efforts.
This study has a few limitations, which may offer research opportunities. First, it is posited here that three isomorphic forces’ different natures should be predicted to work differently in an ISS context. As this is the first empirical trial, these predictions must be further refined and tested to confirm our findings. Moreover, as our study is cross-sectional, a longitudinal approach would be useful to complement our findings.
Theoretically, we have treated the three forces the same, although some may occur before the others. Coercive forces in practice may lead to mimetic institutionalization, as details of policies and practices might not be clearly defined in authorities’ coercive directions, or these might be subject to normative discussion and refinement through networks of cohort groups. Thus, these forces might relate to each other either sequentially or in time.

Author Contributions

M.C., J.L., and K.H. conceived and designed the research model and survey design; M.C., J.L., and K.H. collected data; M.C., J.L., and K.H. analyzed the data; M.C., J.L., and K.H. wrote the paper.

Acknowledgments

This work was supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea (NRF-332-2009-1-B00217).

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A. Item Correlation

Table
NOR1NOR2NOR3COR1COR2COR3MIM1MIM2MIM3LEG1LEG2LEG3LEG4CYN1CYN2CYN3CYN4CYN4CYN6OCI1OCI2OCI3OCI4OCI5OCI6OCO1OCO2OCO3OCO4OCO5OCO6CWI1CWI2CWI3CWO1CWO2CWO3ISS1ISS2ISS3ISS4ISS5ISS6
NOR11.000
NOR20.319**1.000
NOR30.452**0.563**1.000
COR10.323**0.429**0.468**1.000
COR20.546**0.300**0.405**0.467**1.000
COR30.464**0.388**0.440**0.308**0.552**1.000
MIM10.426**0.192**0.385**0.247**0.396**0.426**1.000
MIM20.362**0.212**0.229**0.190**0.313**0.304**0.498**1.000
MIM30.359**0.362**0.309**0.272**0.411**0.407**0.456**0.489**1.000
LEG10.181**0.328**0.319**0.303**0.190**0.261**0.0410.0490.274**1.000
LEG20.187**0.343**0.329**0.349**0.251**0.281**0.0750.0760.319**0.852**1.000
LEG3−0.0130.110*0.105*0.182**0.0610.0760.030−0.0850.152**0.271**0.307**1.000
LEG40.147**0.357**0.281**0.214**0.197**0.240**0.0290.0690.247**0.661**0.672**0.175**1.000
CYN10.039−0.124*−0.098−0.0260.009−0.0020.0580.0950.007−0.175**−0.185**−0.414**−0.0147**1.000
CYN20.006−0.076−0.091−0.098−0.058−0.0330.0790.150**−0.045−0.210**−0.229**−0.477**−0.148**0.632**1.000
CYN3−0.190**−0.331**−0.299**−0.216**−0.207**−0.243**−0.070−0.041−0.236**−0.575**−0.567**−0.226**−0.531**0.207**0.269**1.000
CYN4−0.010−0.128*−0.084−0.119*−0.078−0.144**0.0320.127*−0.086−0.335**−0.355**−0.532**−0.232**0.473**0.571**0.389**1.000
CYN50.010−0.093−0.058−0.162**−0.047−0.0730.0970.152**−0.031−0.353**−0.369**−0.490**−0.259**0.469**0.544**0.335**0.787**1.000
CYN60.017−0.073−0.050−0.167**−0.113*−0.121*0.0300.085−0.101*−0.337**−0.367**−0.474**−0.232**0.406**0.520**0.354**0.766**0.782**1.000
OCI10.0560.246**0.185**0.227**0.163**0.151**0.0160.0210.200**0.459**0.475**0.192**0.417**−0.158**−0.129*−0.381**−0.255**−0.235**−0.229**1.000
OCI20.140**0.271**0.204**0.256**0.177**0.157**−0.053−0.0390.197**0.507**0.497**0.201**0.411**−0.160**−0.190**−0.403**−0.244**−0.227**−0.254**0.735**1.000
OCI30.125*0.265**0.153**0.197**0.117*0.159**−0.024−0.0140.206**0.466**0.459**0.113*0.475**−0.068−0.077−0.364**−0.181**−0.194**−0.179**0.560**0.681**1.000
OCI40.0810.265**0.161**0.177**0.109*0.137**0.0380.0330.224**0.445**0.469**0.0450.459**−0.064−0.023−0.340**−0.133**−0.171**−0.121*0.565**0.625**0.761**1.000
OCI50.0460.250**0.150**0.168**0.0790.129*−0.0490.0330.218**0.528**0.506**0.104*0.462**−0.108*−0.104*−0.361**−0.181**−0.185**−0.227**0.576**0.686**0.708**0.779**1.000
OCI60.0640.262**0.167**0.203**0.130*0.163**−0.0080.0060.215**0.522**0.515**0.170**0.492**−0.091−0.081−0.374**−0.206**−0.226**−0.220**0.612**0.674**0.694**0.680**0.736**1.000
OCO10.114*0.313**0.225**0.304**0.313**0.211**0.0030.0100.234**0.447**0.468**0.274**0.348**−0.180**−0.301**−0.453**−0.361**−0.328**−0.321**0.438**0.442**0.339**0.276**0.331**0.452**1.000
OCO20.131**0.251**0.187**0.257**0.277**0.205**0.0310.0610.258**0.504**0.517**0.289**0.390**−0.191**−0.247**−0.446**−0.294**−0.263**−0.305**0.455**0.504**0.415**0.342**0.390**0.505**0.677**1.000
OCO3−0.0310.106*0.107*0.0200.0140.103*0.001−0.127*0.113*0.326**0.323**0.366**0.207**−0.378**−0.415**−0.258**−0.425**−0.395**−0.368**0.285**0.289**0.208**0.189**0.259**0.263**0.344**0.376**1.000
OCO40.0260.137**0.0820.113*0.0900.072−0.054−0.132**0.113*0.310**0.329**0.438**0.192**−0.368**−0.433**−0.310**−0.570**−0.468**−0.486**0.248**0.309**0.206**0.113*0.174**0.266**0.462**0.463**0.572**1.000
OCO5−0.0350.134**0.0470.0160.0220.046−0.171**−0.193**−0.0170.355**0.368**0.356**0.271**−0.329**−0.360**−0.284**−0.443**−0.451**−0.404**0.258**0.308**0.277**0.236**0.296**0.318**0.347**0.348**0.530**0.597**1.000
OCO60.0620.249**0.136**0.152**0.144**0.089−0.0640.0110.123*0.398**0.384**0.167**0.318**−0.139**−0.0233**−0.415**−0.281**−0.305**−0.250**0.366**0.331**0.258**0.273**0.331**0.373**0.421**0.429**0.210**0.272**0.381**1.000
CWI1−0.0730.008−0.083−0.094−0.024−0.0490.0850.146**0.043−0.207**−0.228**−0.309**−0.149**0.316**0.394**0.191**0.396**0.382**0.415**−0.082−0.178**−0.084−0.009−0.058−0.060−0.200**−0.215**−0.331**−0.426**−0.345**−0.124*1.000
CWI2−0.0450.013−0.021−0.083−0.019−0.0700.0570.127*−0.040−0.291**−0.279**−0.261**−0.161**0.215**0.324**0.215**0.361**0.371**0.396**−0.225**−0.245**−0.214**−0.198**−0.244**−0.206**−0.259**−0.281**−0.455**−0.424**−0.413**−0.154**0.641**1.000
CWI30.022−0.043−0.006−0.090−0.035−0.0620.0940.126*−0.050−0.248**−0.292**−0.330**−0.143**0.307**0.403**0.162**0.445**0.421**0.487**−0.152**−0.214**−0.147**−0.041−0.131**−0.174**−0.309**−0.336**−0.369**−0.495**−0.422**−0.154**0.682**0.649**1.000
CWO1−0.067−0.023−0.019−0.163**−0.0113*−0.0810.0380.075−0.070−0.283**−0.333**−0.301**−0.193**0.197**0.280**0.212**0.332**0.358**0.402**−0.239**−0.305**−0.274**−0.202**−0.269**−0.249**−0.345**−0.388**−0.407**−0.471**−0.442**−0.185**0.592**0.697**0.729**1.000
CWO2−0.030−0.131**−0.115*−0.136**−0.084−0.082−0.026−0.025−0.111*−0.272**−0.300**−0.359**−0.195**0.286**0.356**0.156**0.356**0.304**0.375**−0.208**−0.280**−0.189**−0.154**−0.218**−0.187**−0.289**−0.364**−0.350**−0.459**−0.353**−0.167**0.520**0.499**0.636**0.614**1.000
CWO3−0.066−0.166**−0.104*−0.132**−0.120*−0.159**0.0050.021−0.122*−0.263**−0.311**−0.323**−0.154**0.277**0.313**0.124*0.427**0.351**0.416**−0.152**−0.227**−0.222**−0.140**−0.167**−0.189**−0.240**−0.327**−0.326**−0.468**−0.362**−0.154**0.492**0.394**0.638**0.579**0.611**1.000
ISS10.170**0.313**0.262**0.213**0.233**0.202**0.0060.0530.175**0.569**0.518**0.0880.474**−0.084−0.164**−0.489**−0.257**−0.264**−0.269**0.432**0.444**0.440**0.475**0.501**0.503**0.443**0.413**0.275**0.243**0.346**0.391**−0.137**−0.248**−0.166**−0.230**−0.189**−0.198**1.000
ISS20.151**0.317**0.293**0.270**0.170**0.233**0.0410.0100.200**0.615**0.569**0.170**0.467**−0.109*−0.197**−0.531**−0.330**−0.310**−0.327**0.435**0.482**0.518**0.487**0.549**0.544**0.456**0.474**0.318**0.294**0.337**0.363**−0.228**−0.326**−0.260**−0.272**−0.277**−0.272**0.685**1.000
ISS30.126*0.326**0.282**0.241**0.176**0.187**0.0530.0640.209**0.600**0.559**0.175**0.471**−0.141**−0.231**−0.517**−0.360**−0.317**−0.328**0.473**0.491**0.487**0.480**0.542**0.551**0.465**0.456**0.344**0.329**0.333**0.409**−0.173**−0.315**−0.241**−0.276**−0.252**−0.270**0.684**0.795**1.000
ISS40.234**0.341**0.330**0.299**0.268**0.303**0.112*0.0210.218**0.556**0.529**0.219**0.433**−0.179**−0.275**−0.531**−0.356**−0.325**−0.340**0.414**0.461**0.427**0.395**0.413**0.482**0.508**0.526**0.303**0.341**0.310**0.404**−0.232**−0.319**−0.285**−0.336**−0.256**−0.271**0.601**0.711**0.751**1.000
ISS50.152**0.353**0.325**0.263**0.226**0.278**0.056−0.0010.221**0.608**0.601**0.181**0.482**−0.164**−0.247**−0.536**−0.357**−0.317**−0.343**0.443**0.452**0.433**0.409**0.468**0.521**0.510**0.538**0.317**0.324**0.296**0.414**−0.199**−0.290**−0.283**−0.284**−0.251**−0.270**0.638**0.717**0.751**0.833**1.000
ISS60.172**0.352**0.316**0.253**0.207**0.237**0.0980.0750.267**0.563**0.565**0.186**0.487**−0.174**−0.237**−0.494**−0.317**−0.298**−0.335**0.493**0.474**0.440**0.403**0.461**0.520**0.501**0.493**0.294**0.334**0.316**0.370**−0.207**−0.302**−0.265**−0.282**−0.262**−0.237**0.629**0.693**0.757**0.725**0.814**1.000

References

  1. Aniscenko, Z.; Robalino-López, A.; Rodrígue, T.E.; Pérez, B.E. Regional Cooperation in Dealing with Environmental Protection. E-Government and Sustainable Development in Andean Countries. In Proceedings of the International Scientific and Practical Conference, Rezekne, Latvia, 15–17 June 2017. [Google Scholar] [CrossRef]
  2. Nica, E.; Potcovaru, A. Effective m-government services and increased citizen participation: Flexible and personalized ways of interacting with public administrations. J. Self-Gov. Manag. Econ. 2015, 3, 92–97. [Google Scholar]
  3. Lee, Y.B. Exploring the relationship between E-government development and environmental sustainability: A study of small island developing states. Sustainability 2017, 9, 732. [Google Scholar] [CrossRef]
  4. Bernhard, I.; Wihlborg, E. Municipal contact centres: A slower approach towards sustainable local development by E-government. Eur. Plan. Stud. 2015, 23, 2292–2309. [Google Scholar] [CrossRef]
  5. Choi, H.; Park, M.J.; Rho, J.J.; Zo, H. Rethinking the assessment of E-government implementation in developing countries from the perspective of the design–reality gap: Applications in the Indonesian e-procurement system. Telecommun. Policy 2016, 40, 644–660. [Google Scholar] [CrossRef]
  6. Estevez, E.; Janowski, T. Electronic governance for sustainable development: Conceptual framework and state of research. Gov. Inf. Q. 2013, 30, S94–S109. [Google Scholar] [CrossRef]
  7. Janowski, T. Implementing sustainable development goals with digital government—Aspiration-capacity gap. Gov. Inf. Q. 2016, 33, 603–613. [Google Scholar] [CrossRef]
  8. Larsson, H.; Grönlund, A. Sustainable eGovernance? Practices, problems and beliefs about the future in Swedish eGov practice. Gov. Inf. Q. 2016, 33, 105–114. [Google Scholar] [CrossRef]
  9. Hu, Q.; Hart, P.; Cooke, D. The Role of External Influences on Organizational Information Security Practices: An Institutional Perspective. In Proceedings of the Annual Hawaii International Conference on System Sciences, Kauai, Hawaii, 4–7 January 2006; Volume 6, pp. 1–10. [Google Scholar]
  10. Zheng, D.; Chen, J.; Huang, L.; Zhang, C. E-government adoption in public administration organizations: Integrating institutional theory perspective and resource-based view. Eur. J. Inf. Syst. 2013, 22, 221–234. [Google Scholar] [CrossRef]
  11. Coursey, D.; Norris, D.F. Models of E-government: Are they correct? An empirical assessment. Public Adm. Rev. 2008, 68, 523–536. [Google Scholar] [CrossRef]
  12. Boss, S.R.; Kirsch, L.J.; Angermeier, I.; Shingler, R.A.; Boss, R.W. If someone is watching, I’ll do what I’m asked: Mandatoriness, control, and information security. Eur. J. Inf. Syst. 2009, 18, 151–164. [Google Scholar] [CrossRef]
  13. Hill, L.B.; Pemberton, J.M. Information security: An overview and resource guide for information managers. Rec. Manag. Q. 1995, 29, 14–24. [Google Scholar]
  14. Hsu, C.; Lee, J.; Straub, D.W. Institutional influences on information systems security innovations. Inf. Syst. Res. 2012, 23, 918–939. [Google Scholar] [CrossRef]
  15. PricewaterhouseCoopers. Key Findings from the 2013 US State of Cybercrime Survey; PricewaterhouseCoopers: Delaware, DE, USA, 2013; Available online: http://cybersafetyunit.com/download/pdf/us-state-of-cybercrime.pdf (accessed on 10 May 2018).
  16. Willison, R.; Warkentin, M. Beyond deterrence: An expanded view of employee computer abuse. MIS Q. 2013, 37, 1–20. [Google Scholar] [CrossRef]
  17. Feng, N.; Wang, H.J.; Li, M. A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Inf. Sci. 2014, 256, 57–73. [Google Scholar] [CrossRef]
  18. National Security Institute. Cyber Security: Keeping Up with the Threat; National Security Institute: Medway, MA, USA, 2009. [Google Scholar]
  19. Bjorck, F. Institutional Theory: A New Perspective for Research into IS/IT Security in Organisations. In Proceedings of the 37th Hawaii International Conference on System Sciences, Big Island, Hawaii, 5–8 January 2004. [Google Scholar]
  20. DiMaggio, P.J.; Powell, W.W. The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. Am. Sociol. Rev. 1983, 48, 147–160. [Google Scholar] [CrossRef]
  21. Meyer, J.W.; Rowan, B. Institutionalized organizations: Formal structure as myth and ceremony. Am. J. Sociol. 1977, 83, 340–363. [Google Scholar] [CrossRef]
  22. Sun, P.L.; Ku, C.Y.; Shih, D.H. An implementation framework for E-government 2.0. Telemat. Inform. 2015, 32, 504–520. [Google Scholar] [CrossRef]
  23. National Information Society Agency. The United Nations Project Office on Governance E-Government of Korea: Best Practices; Ministry of Public Administration and Security: Seoul, Korea, 2009.
  24. Greene, G.; D’Arcy, J. Assessing the Impact of Security Culture and the Employee-Organization Relationship on IS Security Compliance. In Proceedings of the 5th Annual Symposium on Information Assurance (ASIA’10), Albany, NY, USA, 16–17 June 2010; pp. 1–8. [Google Scholar]
  25. Nazareth, D.L.; Choi, J. A system dynamics model for information security management. Inf. Manag. 2015, 52, 123–134. [Google Scholar] [CrossRef]
  26. Ifinedo, P. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Inf. Manag. 2014, 51, 69–79. [Google Scholar] [CrossRef]
  27. Kraemer, S.; Carayon, P.; Clem, J. Human and organizational factors in computer and information security: Pathways to vulnerabilities. Comput. Secur. 2009, 28, 509–520. [Google Scholar] [CrossRef]
  28. Dhillon, G.; Backhouse, J. Current directions in IS security research: Towards socio-organizational perspectives. Inf. Syst. J. 2001, 11, 127–153. [Google Scholar] [CrossRef]
  29. Currie, W.L. Institutional isomorphism and change: The national programme for IT—10 years on. J. Inf. Technol. 2012, 27, 236–248. [Google Scholar] [CrossRef]
  30. Eom, S. Institutional dimensions of E-government development: Implementing the business reference model in the United States and Korea. Adm. Soc. 2012, 45, 875–907. [Google Scholar] [CrossRef]
  31. Hsu, C.W. Frame misalignment: Interpreting the implementation of information systems security certification in an organization. Eur. J. Inf. Syst. 2009, 18, 140–150. [Google Scholar] [CrossRef]
  32. Ashworth, R.; Boyne, G.; Delbridge, R. Escape from the iron cage? Organizational change and isomorphic pressures in the public sector. J. Public Adm. Res. Theory 2009, 19, 165–187. [Google Scholar] [CrossRef]
  33. Frumkin, P.; Galaskiewicz, J. Institutional isomorphism and public sector organizations. J. Public Adm. Res. Theory 2004, 14, 283–307. [Google Scholar] [CrossRef]
  34. Tolbert, P.S.; Zucker, L.G. Institutional sources of change in the formal structure of organizations: The diffusion of civil service reform, 1880–1935. Adm. Sci. Q. 1983, 28, 22–39. [Google Scholar] [CrossRef]
  35. Lawton, A.; McKevitt, D.; Millar, M. Developments: Coping with ambiguity: Reconciling external legitimacy and organizational implementation in performance measurement. Public Money Manag. 2000, 20, 13–20. [Google Scholar] [CrossRef]
  36. Leiter, J. Structural isomorphism in Australian nonprofit organizations. Int. J. Volunt. Nonprofit Org. 2005, 16, 1–31. [Google Scholar] [CrossRef]
  37. Hu, Q.; Hart, P.; Cooke, D. The role of external and internal influences on information systems security—A neo-institutional perspective. J. Strateg. Inf. Syst. 2007, 16, 153–172. [Google Scholar] [CrossRef]
  38. Currie, W.L.; Swanson, E.B. Special issue on institutional theory in information systems research: Contextualizing the IT artefact. J. Inf. Technol. 2009, 24, 283–285. [Google Scholar] [CrossRef]
  39. Herold, D.M.; Fedor, D.B.; Caldwell, S.; Liu, Y. The effects of transformational and change leadership on employees’ commitment to a change: A multilevel study. J. Appl. Psychol. 2008, 93, 346–357. [Google Scholar] [CrossRef] [PubMed]
  40. Carpenter, V.L.; Feroz, E.H. Institutional theory and accounting rule choice: An analysis of four US state governments’ decisions to adopt generally accepted accounting principles. Account. Organ. Soc. 2001, 26, 565–596. [Google Scholar] [CrossRef]
  41. Cordella, A.; Tempini, N. E-government and organizational change: Reappraising the role of ICT and bureaucracy in public service delivery. Gov. Inf. Q. 2015, 32, 279–286. [Google Scholar] [CrossRef] [Green Version]
  42. Bulgurcu, B.; Cavusoglu, H.; Benbasat, I. Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Q. 2010, 34, 523–548. [Google Scholar] [CrossRef]
  43. Knapp, K.J.; Marshall, T.E.; Rainer, R.K., Jr.; Ford, F.N. Information security effectiveness: Conceptualization and validation of a theory. Int. J. Inf. Secur. Priv. 2007, 1, 37–60. [Google Scholar] [CrossRef]
  44. Straub, D.W. Effective IS security: An empirical study. Inf. Syst. Res. 1990, 1, 255–276. [Google Scholar] [CrossRef]
  45. Kankanhalli, A.; Teo, H.H.; Tan, B.C.Y.; Wei, K.K. An integrative study of information systems security effectiveness. Int. J. Inf. Manag. 2003, 23, 139–154. [Google Scholar] [CrossRef]
  46. Hagen, J.M.; Albrechtsen, E.; Hovden, J. Implementation and effectiveness of organizational information security measures. Inf. Manag. Secur. 2008, 16, 377–397. [Google Scholar] [CrossRef]
  47. Selander, L.; Henfridsson, O. Cynicism as user resistance in IT implementation. Inf. Syst. J. 2012, 22, 289–312. [Google Scholar] [CrossRef]
  48. Orlikowski, W.J.; Barley, S.R. Technology and institutions: What can research on information technology and research on organizations learn from each other? MIS Q. 2001, 25, 145–165. [Google Scholar] [CrossRef]
  49. Podsakoff, P.M.; MacKenzie, S.B. Organizational citizenship behaviors and sales unit effectiveness. J. Mark. Res. 1994, 31, 351–363. [Google Scholar]
  50. Pavlou, P.A.; Fygenson, M. Understanding and predicting electronic commerce adoption: An extension of the theory of planned behavior. MIS Q. 2006, 30, 115–143.54. [Google Scholar] [CrossRef]
  51. Rao, H. The social construction of reputation: Certification contests, legitimation, and the survival of organizations in the American automobile industry: 1895–1912. Strateg. Manag. J. 1994, 15, 29–44. [Google Scholar] [CrossRef]
  52. Borman, W.C.; Motowidlo, S.J. Task performance and contextual performance: The meaning for personnel selection research. Hum. Perform. 1997, 10, 99–109. [Google Scholar] [CrossRef]
  53. Dalal, R.S. A meta-analysis of the relationship between organizational citizenship behavior and counterproductive work behavior. Am. Psychol. Assoc. 2005, 90, 1241–1255. [Google Scholar] [CrossRef] [PubMed]
  54. Lodge, M.; Wegrich, K. Control over government: Institutional isomorphism and governance dynamics in German public administration. Policy Stud. J. 2005, 33, 213–233. [Google Scholar] [CrossRef]
  55. Seo, M.; Creed, W.D. Institutional contradictions, praxis, and institutional change: A dialectical perspective. Acad. Manag. Rev. 2002, 27, 222–247. [Google Scholar] [CrossRef]
  56. Ashforth, B.E.; Gibbs, B.W. The double-edge of organizational legitimation. Org. Sci. 1990, 1, 177–194. [Google Scholar] [CrossRef]
  57. Scott, W.R. Institutions and Organizations, 2nd ed.; Sage: Thousand Oaks, CA, USA, 2001. [Google Scholar]
  58. Suchman, M.C. Managing legitimacy—Strategic and institutional approaches. Acad. Manag. Rev. 1995, 20, 571–610. [Google Scholar] [CrossRef]
  59. Westphal, J.D.; Gulati, R.; Shortell, S.M. Customization or conformity? An institutional and network perspective on the content and consequences of TQM adoption. Adm. Sci. Q. 1997, 42, 366–394. [Google Scholar] [CrossRef]
  60. Reichers, A.E.; Wanous, J.P.; Austin, J.T. Understanding and managing cynicism about organizational change. Acad. Manag. Exec. 1997, 11, 48–59. [Google Scholar] [CrossRef]
  61. Irvine, H.J. Corporate creep: An institutional view of consultancies in a non-profit organisation. Aust. Account. Rev. 2007, 17, 13–25. [Google Scholar] [CrossRef]
  62. Organ, D.W. Organizational Citizenship Behavior: The Good Soldier Syndrome; Lexington Books/D. C. Heath and Co.: Lexington, MA, USA, 1988. [Google Scholar]
  63. Lawrence, J.; Ott, M.; Bell, A. Faculty organizational commitment and citizenship. Res. High. Educ. 2012, 53, 325–352. [Google Scholar] [CrossRef]
  64. Williams, L.J.; Anderson, S.E. Job satisfaction and organizational commitment as predictors of organizational citizenship and in-role behaviors. J. Manag. 1991, 17, 601–617. [Google Scholar] [CrossRef]
  65. Sharma, U.; Lawrence, S.; Lowe, A. Institutional contradiction and management control innovation: A field study of total quality management practices in a privatized telecommunication company. Manag. Account. Res. 2010, 21, 251–264. [Google Scholar] [CrossRef]
  66. Evans, W.R.; Novicevic, M.M. Legitimacy of HRM practices: Managerial perceptions of economic and normative value. J. Appl. Manag. Entrep. 2010, 15, 13–27. [Google Scholar]
  67. Wat, D.; Shaffer, M.A. Equity and relationship quality influences on organizational citizenship behaviors: The mediating role of trust in the supervisor and empowerment. Pers. Rev. 2005, 34, 406–422. [Google Scholar] [CrossRef]
  68. Yen, H.R.; Li, E.Y.; Niehoff, B.P. Do organizational citizenship behaviors lead to information system success? Testing the mediation effects of integration climate and project management. Inf. Manag. 2008, 45, 394–402. [Google Scholar] [CrossRef]
  69. Ke, W.; Wei, K.K. Organizational culture and leadership in ERP implementation. Decis. Support Syst. 2008, 45, 208–218. [Google Scholar] [CrossRef]
  70. Holderness, D.; Litzky, B.; MacLean, T. When organizations don’t walk their talk: A cross-level examination of how decoupling formal ethics programs affects organizational members. J. Bus. Ethics 2015, 128, 351–368. [Google Scholar]
  71. Hwang, K.; Choi, M. Effects of innovation-supportive culture and organizational citizenship behavior on E-government information system security stemming from mimetic isomorphism. Gov. Inf. Q. 2017, 34, 183–198. [Google Scholar] [CrossRef]
  72. Dyne, L.; LePine, J.A. Helping and voice extra-role behaviors: Evidence of construct and predictive validity. Acad. Manag. J. 1998, 41, 108–119. [Google Scholar]
  73. McNeely, B.L.; Meglino, B.M. The role of dispositional and situational antecedents in prosocial organizational behavior: An examination of the intended beneficiaries of prosocial behavior. J. Appl. Psychol. 1994, 79, 836–844. [Google Scholar] [CrossRef]
  74. Crowe, E.; Higgins, E.T. Regulatory focus and strategic inclinations: Promotion and prevention in decision-making. Org. Behav. Hum. Decis. Process. 1997, 69, 117–132. [Google Scholar] [CrossRef]
  75. Atwater, L.E.; Waldman, D.A.; Atwater, D.; Cartier, P. An upward feedback field experiment: Supervisors’ cynicism, reactions, and commitment to subordinates. Pers. Psychol. 2000, 53, 275–297. [Google Scholar] [CrossRef]
  76. Dean, J.W.; Brandes, P.; Dharwadkar, R. Organizational cynicism. Acad. Manag. Rev. 1998, 23, 341–352. [Google Scholar] [CrossRef]
  77. Bergström, O.; Styhre, A.; Thilander, P. Paradoxifying organizational change: Cynicism and resistance in the Swedish armed forces. J. Chang. Manag. 2014, 14, 384–404. [Google Scholar] [CrossRef]
  78. Brown, M.; Cregan, C. Organizational change cynicism: The role of employee involvement. Hum. Resour. Manag. 2008, 47, 667–686. [Google Scholar] [CrossRef]
  79. Stanley, D.J.; Meyer, J.P.; Topolnytsky, L. Employee cynicism and resistance to organizational change. J. Bus. Psychol. 2005, 19, 429–459. [Google Scholar] [CrossRef]
  80. Martinko, M.J.; Zmud, R.W.; Henry, J.W. An attributional explanation of individual resistance to the introduction of information technologies in the workplace. Behav. Inf. Technol. 1996, 15, 313–330. [Google Scholar] [CrossRef]
  81. Bommer, W.H.; Rich, G.A.; Rubin, R.S. Changing attitudes about change: Longitudinal effects of transformational leader behavior on employee cynicism about organizational change. J. Org. Behav. 2005, 26, 733–753. [Google Scholar] [CrossRef]
  82. Wanous, J.P.; Reichers, A.E.; Austin, J.T. Cynicism about organizational change measurement, antecedents, and correlates. Group Org. Manag. 2000, 25, 132–153. [Google Scholar] [CrossRef]
  83. Kotter, J.P. Leading change: Why transformation efforts fail. Harv. Bus. Rev. 2007, 85, 96–103. [Google Scholar]
  84. McKinley, W.; Sanchez, C.M.; Schick, A.G. Organizational downsizing: Constraining, cloning, learning. Acad. Manag. Exec. 1995, 9, 32–42. [Google Scholar] [CrossRef]
  85. Lapointe, L.; Rivard, S. A multilevel model of resistance to information technology. MIS Q. 2005, 29, 461–491. [Google Scholar] [CrossRef]
  86. Joshi, K. A model of users’ perspective on change: The case of information systems technology implementation. MIS Q. 1991, 15, 229–242. [Google Scholar] [CrossRef]
  87. Marakas, G.M.; Hornik, S. Passive resistance misuse: Overt support and covert recalcitrance in IS implementation. Eur. J. Inf. Syst. 1996, 5, 208–219. [Google Scholar] [CrossRef]
  88. Gaski, J.F. The theory of power and conflict in channels of distribution. J. Mark. 1984, 48, 9–29. [Google Scholar] [CrossRef]
  89. Markus, M.L. Power, politics, and MIS implementation. Commun. ACM 1983, 26, 430–444. [Google Scholar] [CrossRef]
  90. Martinko, M.J.; Gundlach, M.J.; Douglas, S.C. Toward an integrative theory of counterproductive workplace behavior: A causal reasoning perspective. Int. J. Sel. Assess. 2002, 10, 36–50. [Google Scholar] [CrossRef]
  91. Vance, R.; Brooks, S.; Tesluk, P. Organizational Cynicism, Cynical Cultures, and Organizational Change Efforts. In Proceedings of the 10th Annual Conference of the Society for Industrial and Organizational Psychology, Orlando, FL, USA, 17–20 May 1995. [Google Scholar]
  92. MacLean, T.; Behnam, M. The dangers of decoupling: The relationship between compliance programs, legitimacy perceptions and institutionalized misconduct. Acad. Manag. J. 2010, 53, 1499–1520. [Google Scholar] [CrossRef]
  93. Jensen, J.M.; Opland, R.A.; Ryan, A.M. Psychological contracts and counterproductive work behaviors: Employee responses to transactional and relational breach. J. Bus. Psychol. 2010, 25, 555–568. [Google Scholar] [CrossRef]
  94. Band, S.R.; Cappelli, D.M.; Fischer, L.F.; Moore, A.P.; Shaw, E.D.; Trzeciak, R.F. Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis; Technical Report CMU/SEI-2006-TR-026, ESC-TR-2006-091; Defense Technical Information Center: Fort Belvoir, VA, USA, 2006.
  95. Rhee, H.S.; Kim, C.; Ryu, Y.U. Self-efficacy in information security: Its influence on end users’ information security practice behavior. Comput. Secur. 2009, 28, 816–826. [Google Scholar] [CrossRef]
  96. Marcus, B.; Schuler, H. Antecedents of counterproductive behavior at work: A general perspective. J. Appl. Psychol. 2004, 89, 647–660. [Google Scholar] [CrossRef] [PubMed]
  97. Heugens, P.P.; Lander, M.W. Structure! Agency! (and other quarrels): A meta-analysis of institutional theories of organization. Acad. Manag. J. 2009, 52, 61–85. [Google Scholar] [CrossRef]
  98. Liang, H.; Saraf, N.; Hu, Q.; Xue, Y. Assimilation of enterprise systems: The effect of institutional pressures and the mediating role of top management. MIS Q. 2007, 31, 59–87. [Google Scholar] [CrossRef]
  99. Lee, S.; Yoon, J. The effects of corporate social responsibility. Korean Manag. Rev. 2011, 40, 919–954. [Google Scholar]
  100. Yoon, J.; Thye, S. Supervisor support in the work place: Legitimacy and positive affectivity. J. Soc. Psychol. 2000, 140, 295–316. [Google Scholar] [CrossRef] [PubMed]
  101. Bennett, R.J.; Robinson, S.L. Development of a measure of workplace deviance. J. Appl. Psychol. 2000, 85, 349–360. [Google Scholar] [CrossRef] [PubMed]
  102. Aquino, K.; Lewis, M.U.; Bradfield, M. Justice constructs, negative affectivity, and employee deviance: A proposed model and empirical test. J. Org. Behav. 1999, 20, 1073–1091. [Google Scholar] [CrossRef]
  103. D’Arcy, J.; Herath, T. A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. Eur. J. Inf. Syst. 2011, 20, 643–658. [Google Scholar] [CrossRef]
  104. Herath, T.; Rao, H.R. Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decis. Support Syst. 2009, 47, 154–165. [Google Scholar] [CrossRef]
  105. Gefen, D.; Straub, D.W.; Boudreau, M.C. Structural equation modeling and regression: Guidelines for research practice. Commun. Assoc. Inf. Syst. 2000, 4, 2–76. [Google Scholar]
  106. Byrne, B.M. Structural Equation Modeling with EQS and EQS Windows; Sage: London, UK, 1994. [Google Scholar]
  107. Vroom, C.; von Solms, R. Towards information security behavioural compliance. Comput. Secur. 2004, 23, 191–198. [Google Scholar] [CrossRef]
  108. Chin, W.W.; Newsted, P.R. (Eds.) Structural Equation Modeling Analysis with Small Samples Using Partial Least Squares. In Statistical Strategies for Small Sample Research; Sage: Thousand Oaks, CA, USA, 1999. [Google Scholar]
  109. Podsakoff, P.M.; Mackenzie, S.B.; Lee, J.Y.; Podsakoff, N.P. Common method biases in behavioral research: A critical review of the literature and recommended remedies. J. Appl. Psychol. 2003, 88, 879–903. [Google Scholar] [CrossRef] [PubMed]
  110. Mezias, S.J. An institutional model of organizational practice: Financial reporting at the Fortune 200. Adm. Sci. Q. 1990, 35, 431–457. [Google Scholar] [CrossRef]
  111. Eisenbach, R.; Watson, K.; Pillai, R. Transformational leadership in the context of organizational change. J. Org. Chang. Manag. 1999, 12, 80–89. [Google Scholar] [CrossRef]
Sustainability 10 01555 g001 550
Figure 1. Result of model analysis.
Figure 1. Result of model analysis.
Sustainability 10 01555 g001
Table
Table 1. Summary of hypotheses.
Table 1. Summary of hypotheses.
Hypotheses
H1. Normative isomorphism is positively associated with ISS legitimacy.
H2. Coercive isomorphism is positively associated with ISS legitimacy.
H3. Mimetic isomorphism is positively associated with ISS legitimacy.
H4. The legitimacy of ISS is positively associated with OCB-I.
H5. The legitimacy of ISS is positively associated with OCB-O.
H6. OCB-I is positively associated with ISS effectiveness.
H7. OCB-O is positively associated with ISS effectiveness.
H8. Normative isomorphism is negatively associated with organizational cynicism toward ISS.
H9. Coercive isomorphism is positively associated with organizational cynicism toward ISS.
H10. Mimetic isomorphism is positively associated with organizational cynicism toward ISS.
H11. Organizational cynicism toward ISS is positively associated with ISS-related CWB-O.
H12. Organizational cynicism toward ISS is positively associated with ISS-related CWB-I.
H13. Employees’ ISS-related CWB-O is negatively associated with ISS effectiveness.
H14. Employees’ ISS-related CWB-I is negatively associated with ISS effectiveness.
Table
Table 2. Statistics of response.
Table 2. Statistics of response.
No. of InstitutionsMinimum No. of Responses per InstitutionAverage No. of Responses per InstitutionMaximum No. of Responses per InstitutionSTD of Response
351011.38141.414
Table
Table 3. Profiles of respondents.
Table 3. Profiles of respondents.
ItemVariableFrequencyPercentage (%)
SexMale25164.7
Female13735.3
AgeUnder 20 years20.5
21–30 years348.8
31–40 years17946.1
41–50 years15138.9
Above 51 years225.7
Years WorkedLess than 1 year318.0
1–5 years9524.5
5–10 years9825.3
10–15 years4812.4
More than 15 years11629.8
PositionStaff29876.8
Assistant manager6717.3
Manager153.9
Deputy director51.2
Above the department head30.8
EducationHigh School Diploma112.8
Junior College328.2
Bachelor’s27370.4
Master’s or above7218.6
MarriageNo8922.9
Yes29977.1
Income SatisfactionVery dissatisfied4912.6
Dissatisfied13635.1
Normal16743.0
Satisfied348.8
Very Satisfied20.5
Type of EmploymentRegular37496.4
Irregular143.6
Size of InstitutionUnder 1004912.6
101–300287.2
301–6006617.0
601–10005814.9
1001–15009023.3
Above 15009725.0
Table
Table 4. Validity and reliability of the reflective constructs
Table 4. Validity and reliability of the reflective constructs
AVEComposite ReliabilityR SquareCronbach’s Alpha
Mimetic isomorphism0.6451850.8443930.735412
Normative isomorphism0.6193430.8258090.706008
Coercive isomorphism0.6237450.832510.703965
Organizational cynicism0.5976370.8355730.0541630.713303
Organizational legitimacy0.64540.8716650.1809380.793318
CPB-I0.7714270.9101040.2692980.852071
CPB-O0.7341340.8922850.2252120.818957
OCB-I0.726940.9410190.3704970.924607
OCB-O0.52340.8673710.3610630.818201
ISS effectiveness0.7669650.9517220.5179740.938844
Table
Table 5. Correlation of the latent variable scores.
Table 5. Correlation of the latent variable scores.
CORCPB-ICPB-OCYNISSLEGMIMNOROCB-IOCB-O
COR0.7898
CWB-I−0.09050.8783
CWB-O−0.18000.77080.8568
CYN−0.18050.51890.47460.7731
ISS0.3471−0.3270−0.3484−0.45540.8758
LEG0.3675−0.3224−0.3763−0.51060.67250.8034
MIM0.49490.0797−0.04660.01530.16480.20370.8032
NOR0.6354−0.0309−0.1233−0.16060.40740.39840.44360.7870
OCB-I0.2469−0.2013−0.2953−0.29980.63170.60870.12680.27870.8526
OCB-O0.2630−0.4822−0.5342−0.60530.62100.60090.06460.26170.52900.7235
Table
Table 6. Effect analysis of independent variable on dependent variable.
Table 6. Effect analysis of independent variable on dependent variable.
Direct PathDirect EffectIndirect PathIndirect EffectTotal Effect
MIM→ISS0.220MIM→CYN→CWB-O→ISS00.21125
MIM→CYN→CWB-I→ISS−0.00875
MIM→LEG→OCB-O→ISS0
MIM→LEG→OCB-I→ISS0
NOR→ISS0.405NOR→CYN→CWB-O→ISS00.547866
NOR→CYN→CWB-I→ISS0.006167
NOR→LEG→OCB-O→ISS0.063193
NOR→LEG→OCB-I→ISS0.073506
COR→ISS0.349COR→CYN→CWB-O→ISS00.435236
COR→CYN→CWB-I→ISS−0.010427
COR→LEG→OCB-O→ISS0.044685
COR→LEG→OCB-I→ISS0.051978
Table
Table 7. Analysis of common method bias.
Table 7. Analysis of common method bias.
ConstructIndicatorSubstantive Factor Loading (R1)Variance Explained (R12)Method Factor Loading (R2)Variance Explained (R22)
MIMMIM10.812963 ***0.660909−0.073371 ***0.005383
MIM20.846459 ***0.716493−0.124683 ***0.015546
MIM30.767061 ***0.5883830.194827 ***0.037958
NORNOR10.748915 ***0.560874−0.10148 ***0.010298
NOR20.769432 ***0.5920260.0904420.008180
NOR30.866657 ***0.751094−0.007805 *0.000061
CORCOR10.712957 ***0.5083080.070066 *0.004909
COR20.883308 ***0.780233−0.0680650.004633
COR30.780284 ***0.6088430.000226 ***0.000000
CYNICISMCYN10.809017 ***0.6545090.190741 ***0.036382
CYN20.862651 ***0.7441670.139019 ***0.019326
CYN3−0.1368080.0187160.5558020.308916
CYN40.906013 ***0.8208600.029836 *0.000890
CYN50.91641 ***0.8398070.064104 *0.004109
CYN60.86035 ***0.7402020.0100630.000101
LEGLEG10.908081 ***0.8246110.0101660.000103
LEG20.916257 ***0.8395270.0152510.000233
LEG30.290009 **0.0841050.200881 *0.040353
LEG40.946049 ***0.895009−0.154464 ***0.023859
CWB_ICWB-I10.925239 ***0.8560670.0828180.006859
CWB-I20.842171 ***0.709252−0.048420.002344
CWB-I30.868912 ***0.755008−0.0326140.001064
CWB_OCWB-O10.821208 ***0.674383−0.0524080.002747
CWB-O20.880718 ***0.7756640.0244410.000597
CWB-O30.868561 ***0.7543980.0279310.000780
OCB_IOCB-I10.718229 ***0.5158530.091647 *0.008399
OCB-I20.792826 ***0.6285730.090358 **0.008165
OCB-I30.900454 ***0.810817−0.0515050.002653
OCB-I40.977428 ***0.955365−0.154143 ***0.023760
OCB-I50.908722 ***0.825776−0.039280.001543
OCB-I60.812118 ***0.6595360.0671760.004513
OCB_OOCB-O10.65524 ***0.4293390.12939 **0.016742
OCB-O20.627347 ***0.3935640.176421 ***0.031124
OCB-O30.770986 ***0.594419−0.0985410.009710
OCB-O40.903246 ***0.815853−0.154556 ***0.023888
OCB-O50.83539 ***0.697876−0.127826 **0.016339
OCB-O60.567749 ***0.3223390.0512330.002625
ISSISS10.812456 ***0.660085−0.014670.000215
ISS20.854762 ***0.7306180.0255320.000652
ISS30.92774 ***0.860702−0.0283410.000803
ISS40.858241 ***0.7365780.028260.000799
ISS50.920345 ***0.847035−0.0151410.000229
ISS60.877293 ***0.7696430.0037520.000014
Average0.7998480.6745910.0237920.015995
* p < 0.01, ** p < 0.05, *** p < 0.001.
Table
Table 8. Summary of hypotheses.
Table 8. Summary of hypotheses.
HypothesisStd Regression WeightSig LevelSupported
H1. Normative isomorphism is positively associated with ISS legitimacy.0.2810.001Yes
H2. Coercive isomorphism is positively associated with ISS legitimacy.0.1990.001Yes
H3. Mimetic isomorphism is positively associated with ISS legitimacy.−0.019N.S.No
H4. The legitimacy of ISS is positively associated with OCB-I.0.6090.001Yes
H5. The legitimacy of ISS is positively associated with OCB-O.0.6010.001Yes
H6. OCB-I is positively associated with ISS effectiveness.0.4300.001Yes
H7. OCB-O is positively associated with ISS effectiveness.0.3750.001Yes
H8. Normative isomorphism is negatively associated with organizational cynicism toward ISS.−0.1110.01Yes
H9. Coercive isomorphism is positively associated with organizational cynicism toward ISS.−0.1880.001Yes
H10. Mimetic isomorphism is positively associated with organizational cynicism toward ISS.0.1580.01Yes
H11. Organizational cynicism toward ISS is positively associated with ISS-related CWB-O.0.4750.001Yes
H12. Organizational cynicism toward ISS is positively associated with ISS-related CWB-I.0.5190.001Yes
H13. Employees’ ISS-related CWB-O is negatively associated with ISS effectiveness.0.061N.S.No.
H14. Employees’ ISS-related CWB-I is negatively associated with ISS effectiveness−0.1070.01Yes

Share and Cite

MDPI and ACS Style

Choi, M.; Lee, J.; Hwang, K. Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism. Sustainability 2018, 10, 1555. https://doi.org/10.3390/su10051555

AMA Style

Choi M, Lee J, Hwang K. Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism. Sustainability. 2018; 10(5):1555. https://doi.org/10.3390/su10051555

Chicago/Turabian Style

Choi, Myeonggil, Jungwoo Lee, and Kumju Hwang. 2018. "Information Systems Security (ISS) of E-Government for Sustainability: A Dual Path Model of ISS Influenced by Institutional Isomorphism" Sustainability 10, no. 5: 1555. https://doi.org/10.3390/su10051555

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop